Created
September 14, 2016 19:59
-
-
Save azureru/8c416f60993dae184a6fdaf31b603d2c to your computer and use it in GitHub Desktop.
Nginx Conf Snippets
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# base ssl | |
ssl_protocols TLSv1 TLSv1.1 TLSv1.2; | |
ssl_session_cache shared:SSL:10m; | |
ssl_session_timeout 10m; | |
ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:ECDHE-RSA-AES128-GCM-SHA256:AES256+EECDH:DHE-RSA-AES128-GCM-SHA256:AES256+EDH:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4"; | |
ssl_prefer_server_ciphers on; | |
ssl_dhparam /etc/nginx/keys.d/dhparam.pem; | |
# tweak | |
client_max_body_size 30M; | |
large_client_header_buffers 4 16k; | |
sendfile on; | |
tcp_nopush on; | |
tcp_nodelay off; | |
keepalive_timeout 20; | |
types_hash_max_size 2048; | |
server_tokens off; | |
# mime | |
include /etc/nginx/mime.types; | |
default_type application/octet-stream; | |
charset_types text/xml text/plain text/vnd.wap.wml application/x-javascript application/rss+xml text/css application/javascript application/json; | |
# the usual | |
include /etc/nginx/sites-enabled/*; |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment